diff options
author | DmitriyEshenko <snooppy@mail.ua> | 2019-11-08 16:05:48 +0000 |
---|---|---|
committer | DmitriyEshenko <snooppy@mail.ua> | 2019-11-08 16:05:48 +0000 |
commit | bdd95c4fa54015a37bbe5c206469bd1b0552d0dc (patch) | |
tree | 4d9599cedd11b16ad7fddfa298a0d9d793c3b045 | |
parent | 104c00ed08585b49a29665b0f43cca0377901528 (diff) | |
download | vyos-1x-bdd95c4fa54015a37bbe5c206469bd1b0552d0dc.tar.gz vyos-1x-bdd95c4fa54015a37bbe5c206469bd1b0552d0dc.zip |
QAT: T1788: Intel QAT implementation
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | interface-definitions/intel_qat.xml | 22 | ||||
-rw-r--r-- | op-mode-definitions/show-acceleration.xml | 63 | ||||
-rwxr-xr-x | src/conf_mode/intel_qat.py | 108 | ||||
-rwxr-xr-x | src/op_mode/show_acceleration.py | 118 |
5 files changed, 312 insertions, 0 deletions
@@ -48,6 +48,7 @@ op_mode_definitions: rm -f $(OP_TMPL_DIR)/show/system/node.def rm -f $(OP_TMPL_DIR)/delete/node.def rm -f $(OP_TMPL_DIR)/reset/vpn/node.def + rm -f $(OP_TMPL_DIR)/show/system/node.def .PHONY: all all: clean interface_definitions op_mode_definitions diff --git a/interface-definitions/intel_qat.xml b/interface-definitions/intel_qat.xml new file mode 100644 index 000000000..5e4d5b190 --- /dev/null +++ b/interface-definitions/intel_qat.xml @@ -0,0 +1,22 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="system"> + <children> + <node name="acceleration" owner="${vyos_conf_scripts_dir}/intel_qat.py"> + <properties> + <help>Acceleration components</help> + <priority>50</priority> + </properties> + <children> + <leafNode name="qat"> + <properties> + <help>Enable Intel QAT (Quick Assist Technology) for cryptographic acceleration</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> + diff --git a/op-mode-definitions/show-acceleration.xml b/op-mode-definitions/show-acceleration.xml new file mode 100644 index 000000000..d0dcea2d6 --- /dev/null +++ b/op-mode-definitions/show-acceleration.xml @@ -0,0 +1,63 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="system"> + <properties> + <help>Show system information</help> + </properties> + <children> + <node name="acceleration"> + <properties> + <help>Acceleration components</help> + </properties> + <children> + <node name="qat"> + <properties> + <help>Intel QAT (Quick Assist Technology) Devices</help> + </properties> + <children> + <tagNode name="device"> + <properties> + <help>Show QAT information for a given acceleration device</help> + <completionHelp> + <script>${vyos_op_scripts_dir}/show_acceleration.py --dev_list</script> + </completionHelp> + </properties> + <children> + <node name="flows"> + <properties> + <help>Intel QAT flows</help> + </properties> + <command>${vyos_op_scripts_dir}/show_acceleration.py --flow --dev $6</command> + </node> + <node name="config"> + <properties> + <help>Intel QAT configuration</help> + </properties> + <command>${vyos_op_scripts_dir}/show_acceleration.py --conf --dev $6</command> + </node> + </children> + </tagNode> + <node name="status"> + <properties> + <help>Intel QAT status</help> + </properties> + <command>${vyos_op_scripts_dir}/show_acceleration.py --status</command> + </node> + <node name="interrupts"> + <properties> + <help>Intel QAT interrupts</help> + </properties> + <command>${vyos_op_scripts_dir}/show_acceleration.py --interrupts</command> + </node> + </children> + <command>${vyos_op_scripts_dir}/show_acceleration.py --hw</command> + </node> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py new file mode 100755 index 000000000..a1abd5e81 --- /dev/null +++ b/src/conf_mode/intel_qat.py @@ -0,0 +1,108 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + +import sys +import os +import re +import subprocess + +from vyos.config import Config +from vyos import ConfigError + +# Define for recovering +gl_ipsec_conf = None + +def get_config(): + c = Config() + config_data = { + 'qat_conf' : None, + 'ipsec_conf' : None, + 'openvpn_conf' : None, + } + + if c.exists('system acceleration qat'): + config_data['qat_conf'] = True + + if c.exists('vpn ipsec '): + gl_ipsec_conf = True + config_data['ipsec_conf'] = True + + if c.exists('interfaces openvpn'): + config_data['openvpn_conf'] = True + + return config_data + +# Control configured VPN service which can use QAT +def vpn_control(action): + if action == 'restore' and gl_ipsec_conf: + ret = subprocess.Popen(['sudo', 'ipsec', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + return + + ret = subprocess.Popen(['sudo', 'ipsec', action], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + +def verify(c): + # Check if QAT service installed + if not os.path.exists('/etc/init.d/vyos-qat-utilities'): + raise ConfigError("Warning: QAT init file not found") + + if c['qat_conf'] == None: + return + + # Check if QAT device exist + ret = subprocess.Popen(['sudo', 'lspci', '-nn'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + if not err: + data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output.decode("utf-8")) + #If QAT devices found + if not data: + print("\t No QAT acceleration device found") + sys.exit(1) + +def apply(c): + if c['ipsec_conf']: + # Shutdown VPN service which can use QAT + vpn_control('stop') + + # Disable QAT service + if c['qat_conf'] == None: + ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'stop'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + if c['ipsec_conf']: + vpn_control('start') + + return + + # Run qat init.d script + ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + + if c['ipsec_conf']: + # Recovery VPN service + vpn_control('start') + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + apply(c) + except ConfigError as e: + print(e) + vpn_control('restore') + sys.exit(1) diff --git a/src/op_mode/show_acceleration.py b/src/op_mode/show_acceleration.py new file mode 100755 index 000000000..3ba0e85dd --- /dev/null +++ b/src/op_mode/show_acceleration.py @@ -0,0 +1,118 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2019 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import sys +import os +import re +import argparse +import subprocess +from vyos.config import Config + +def detect_qat_dev(): + ret = subprocess.Popen(['sudo', 'lspci', '-nn'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + if not err: + data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output.decode("utf-8")) + #If QAT devices found + if data: + return + print("\t No QAT device found") + sys.exit(1) + +def show_qat_status(): + detect_qat_dev() + + # Check QAT service + if not os.path.exists('/etc/init.d/vyos-qat-utilities'): + print("\t QAT service not installed") + sys.exit(1) + + # Show QAT service + os.system('sudo /etc/init.d/vyos-qat-utilities status') + +# Return QAT devices +def get_qat_devices(): + ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'status'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + if not err: + #print(output) + data_st = output.decode("utf-8") + elm_lst = re.findall('qat_dev\d', data_st) + print('\n'.join(elm_lst)) + +# Return QAT path in sysfs +def get_qat_proc_path(qat_dev): + q_type = "" + q_bsf = "" + ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'status'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + (output, err) = ret.communicate() + if not err: + # Parse QAT service output + data_st = output.decode("utf-8").split("\n") + for elm_str in range(len(data_st)): + if re.search(qat_dev, data_st[elm_str]): + elm_list = data_st[elm_str].split(", ") + for elm in range(len(elm_list)): + if re.search('type', elm_list[elm]): + q_list = elm_list[elm].split(": ") + q_type=q_list[1] + elif re.search('bsf', elm_list[elm]): + q_list = elm_list[elm].split(": ") + q_bsf = q_list[1] + return "/sys/kernel/debug/qat_"+q_type+"_"+q_bsf+"/" + +# Check if QAT service confgured +def check_qat_if_conf(): + if not Config().exists_effective('system acceleration qat'): + print("\t system acceleration qat is not configured") + sys.exit(1) + +parser = argparse.ArgumentParser() +group = parser.add_mutually_exclusive_group() +group.add_argument("--hw", action="store_true", help="Show Intel QAT HW") +group.add_argument("--dev_list", action="store_true", help="Return Intel QAT devices") +group.add_argument("--flow", action="store_true", help="Show Intel QAT flows") +group.add_argument("--interrupts", action="store_true", help="Show Intel QAT interrupts") +group.add_argument("--status", action="store_true", help="Show Intel QAT status") +group.add_argument("--conf", action="store_true", help="Show Intel QAT configuration") + +parser.add_argument("--dev", type=str, help="Selected QAT device") + +args = parser.parse_args() + +if args.hw: + detect_qat_dev() + # Show availible Intel QAT devices + os.system('sudo lspci -nn | egrep -e \'8086:37c8|8086:19e2|8086:0435|8086:6f54\'') +elif args.flow and args.dev: + check_qat_if_conf() + os.system('sudo cat '+get_qat_proc_path(args.dev)+"fw_counters") +elif args.interrupts: + check_qat_if_conf() + # Delete _dev from args.dev + os.system('sudo cat /proc/interrupts | grep qat') +elif args.status: + check_qat_if_conf() + show_qat_status() +elif args.conf and args.dev: + check_qat_if_conf() + os.system('sudo cat '+get_qat_proc_path(args.dev)+"dev_cfg") +elif args.dev_list: + get_qat_devices() +else: + parser.print_help() + sys.exit(1)
\ No newline at end of file |